Converged Mechanism for Protecting Data

ABSTRACT

Embodiments disclosed herein provide systems, methods, and computer readable media for a converged mechanism for protecting data. In a particular embodiment, a method provides identifying a level of importance for a plurality of data items and tracking changes to the plurality of data items. The method further provides aggregating the changes based on the level of importance and logging the aggregated changes.

TECHNICAL BACKGROUND

There exist many different methods for protecting data from loss. Thesemethods include synchronous replication, Continuous Data Protection(CDP), backup, and archiving to name a few. Each of these methods may beimplemented individually on specified data sets and each provides adifferent level of protection. Thus, applying one of these protectionmethods to a large data set that includes data having different levelsof importance may result in some of that data being over or underprotected.

OVERVIEW

Embodiments disclosed herein provide systems, methods, and computerreadable media for a converged mechanism for protecting data. In aparticular embodiment, a method provides identifying a level ofimportance for a plurality of data items and tracking changes to theplurality of data items. The method further provides aggregating thechanges based on the level of importance and logging the aggregatedchanges.

In some embodiments, aggregating changes based on the level ofimportance comprises aggregating changes to first data items of theplurality of data items more often than changes to second data items ofthe plurality of data items, wherein the first data items have a higherlevel of importance than the second data items.

In some embodiments, aggregating changes based on the level ofimportance further comprises aggregating the changes to the second dataitems more often than changes to third data items of the plurality ofdata items, wherein the second data items have a higher level ofimportance than the third data items, and aggregating the changes to thethird data items more often than changes to fourth data items of theplurality of data items, wherein the third data items have a higherlevel of importance than the fourth data items.

In some embodiments, aggregating the first data items comprisesperforming synchronous replication on the changes to the first dataitems and aggregating the second data items comprises performingContinuous Data Protection (CDP) on the changes to the second dataitems.

In some embodiments, aggregating the changes to the third data itemscomprises periodically backing up the changes to the third data itemsand aggregating the changes to the fourth data items comprises archivingthe changes to the second data items.

In some embodiments, logging the aggregated changes comprises storing afirst log of the changes to the first data items remote to the pluralityof data items.

In some embodiments, logging the aggregated changes comprises storing asecond log of the changes to the second data items local to theplurality of data items.

In some embodiments, logging the aggregated changes comprises copyingthe changes to the third data items to a third log and moving thechanges to the fourth data items to a fourth log.

In some embodiments, the method further provides restoring at least aportion of the plurality of data items to the primary data repositorybased on the aggregated changes.

In some embodiments, the level of importance for the plurality of dataitems corresponds to recovery time and a recovery point objectives forthe plurality of data items.

In another embodiment, a data protection system is provided includingone or more computer readable storage media and a processing systemoperatively coupled with the one or more computer readable storagemedia. The data protection system further includes program instructionsstored on the one or more computer readable storage media that, whenread and executed by the processing system, direct the processing systemto identify a level of importance for a plurality of data items andtrack changes to the plurality of data items. The program instructionsfurther direct the data protection system to aggregate the changes basedon the level of importance and log the aggregated changes.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 illustrates a computing environment for protecting data based onimportance of the data.

FIG. 2 illustrates an operation of the computing environment forprotecting data based on importance of the data.

FIG. 3 illustrates operational scenarios of the computing environmentfor protecting data based on importance of the data.

FIG. 4 illustrates another computing environment for protecting databased on importance of the data.

FIG. 5 illustrates an operation of the other computing environment forprotecting data based on importance of the data.

FIG. 6 illustrates another operation of the other computing environmentfor protecting data based on importance of the data.

FIG. 7 illustrates another operation of the other computing environmentfor protecting data based on importance of the data.

FIG. 8 illustrates another operation of the other computing environmentfor protecting data based on importance of the data.

FIG. 9 illustrates another operation of the other computing environmentfor protecting data based on importance of the data.

FIG. 10 illustrates a data processing system for protecting data basedon importance of the data.

DETAILED DESCRIPTION

The following description and associated figures teach the best mode ofthe invention. For the purpose of teaching inventive principles, someconventional aspects of the best mode may be simplified or omitted. Thefollowing claims specify the scope of the invention. Note that someaspects of the best mode may not fall within the scope of the inventionas specified by the claims. Thus, those skilled in the art willappreciate variations from the best mode that fall within the scope ofthe invention. Those skilled in the art will appreciate that thefeatures described below can be combined in various ways to formmultiple variations of the invention. As a result, the invention is notlimited to the specific examples described below, but only by the claimsand their equivalents.

The various embodiments disclosed herein provide a converged mechanismfor protecting data based on importance of the data. Importance may bemeasured or defined based on any metric for expressing importance. Forexample, importance may be defined specifically as a desired recoverytime and recovery point objectives for given items of data. Data of thehighest importance may be protected through synchronous replication.Synchronous replication duplicates every data block to another storagelocation. Data that is not of the highest importance but still ofrelatively high importance may be protected through Continuous DataProtection (CDP). CDP writes every changed block (e.g. written to) to alog along with a time when the block was changed. Data of mediumimportance, which is less important than the data protected using CDP,may be protected through data backups that write a copy of data toanother, usually low cost, storage location along with a time when thedata was copied. Data of lowest importance is moved (i.e. archived),instead of copied, to another storage location and a time of the move isrecorded.

Data in a system is not always of the same level of importance and,therefore, may each require a different type of data protection, asdescribed above. Data items of lower importance can always be protectedin the same manner as data of higher importance. However, a method forprotecting data of higher importance tends to use more resources (e.g.storage, network, processing, etc.) than a method for protecting data oflower importance. Thus, ideally data will be protected according to itslevel of importance to conserve resources while still providing adequateprotection.

FIG. 1 illustrates computing environment 100 in an example scenario ofconverged mechanism for protecting data based on importance of the data.Computing environment 100 includes data protection system 101 and datastorage system 102. Data storage system 102 includes data log 103. Dataprotection system 101 and data storage system 102 communicate overcommunication link 111.

In operation, data protection system 101 aims to replicate the fourmethods of data protection described above depending upon the level ofimportance for data. In particular, data protection system 101 trackschanges to data and then logs these changes in log 103 on data storagesystem 102. The amount of changes included in each log entry depends onthe importance of the data. Data of highest importance will have everychange logged as an individual entry to mimic the process of synchronousreplication. As data importance is lowered, more and more changes areaggregated into each log entry before being stored in log 103. Forexample, as a period for data backup becomes greater, the data changesare aggregated less often (i.e. once per period) before being stored asan entry into log 103. Hence, the number of importance levels availablefor data protected by data protection system 101 may be far moregranular than the four levels described above.

FIG. 2 illustrates operation 200 of computing environment 100 forprotecting data based on importance of the data. Operation 200 includesdata protection system 101 identifying a level of importance for aplurality of data items (data items 1-N in this example) at step 201. Auser may identify the data items 1-N and the level of importance forthose data items. Alternatively, data protection system 101 may examinedata items 1-N to determine the appropriate level of importance. Theexamination may include examining content of data items 1-N, alocation(s) where data items 1-N are stored, the processes being run ondata items 1-N, or any other information that may indicate a data item'slevel of importance.

Data items 1-N may be stored in a storage system of data protectionsystem 101 or may be stored elsewhere, such as a local user workstation,a data processing server, a network based storage system (e.g. a storagesystem similar to storage system 102), or any other system capable ofstoring data items. In some examples, the functionality of dataprotection system 101 is incorporated into a system that is processing,creating, or otherwise using data items 1-N. While data items 1-N arenumber sequentially for ease of explanation, data items 1-N are notnecessarily sequential data items.

Additionally, at step 202, data protection system 101 tracks changes todata items 1-N. The changes may include one or more writes to one of thedata items or one or more writes creating one or more of the data items.Essentially, anything that changes any of data items 1-N from a previousstate is tracked. The previous state is the most recently logged stateof a data item (e.g. changes since the last time the data item wasprotected) or alternatively the state recorded in storage system 102.The changes are then aggregated by data protection system 101 at step203 based on the level of importance.

If data items 1-N are of the highest level of importance, eachaggregation includes only a single change to a data item before theaggregation is stored as an entry in log 103 at step 204. This level ofgranularity guarantees that a data item can be restored to a previousstate or otherwise accessed in that previous state. However, if theimportance level of data items 1-N is lower, then multiple changes foreach data item may be aggregated into a single entry and stored in log103 at step 204. While a log entry for a data item having an aggregateof multiple changes does not allow for restoration based on a single oneof those changes, the level of importance for the data item shouldindicate that such a precise restoration is not necessary. The time inwhich aggregation of changes occurs may be triggered based on time (e.g.aggregate changes every x hours), based on number of changes (e.g.aggregate when a data item has x changes), manually, or some other meansfor triggering a process.

While operation 200 allows for an infinite number of importance levels,preferably a finite number of levels and corresponding aggregation timesare defined. In a particular example, four levels of importance aredefined to correspond to the synchronous replication, CDP, backup, andarchive processes described above. The highest level, level 1,corresponds to synchronous replication wherein each change to a dataitem is an entry in log 103. Level 2 corresponds to CDP, which isperformed almost identically to level 1, however storage system 102 uponwhich log 103 is located is not necessarily remote from the storagesystem on which data items 1-N are stored. That is, log 103 may bestored on the same storage system as data items 1-N. Level 3 correspondsto a backup scheme wherein changes over a backup time period (e.g. everyhour, day, or other measure of time) are aggregated and stored as anentry in log 103. Level 4 then corresponds to archiving, which isperformed similarly to a backup, however data items 1-N are removed fromtheir primary storage location when stored a entries in log 103.

Advantageously, any data may be identified as having a level ofimportance 1-4 and data protection system 101 is able to use the samemechanism (i.e. storing entries in a log as described above) to protectthe data regardless of the level of importance. Moreover, while theabove examples describe only data items 1-N having a common level ofimportance, data protection system 101 is able to concurrently protectother data items having differing levels of importance. A single log 103may be used for all entries regardless of importance level or log 103 mybe separated into multiple logs with each log separated based on levelof importance of the entries stored therein, based on data type, basedon user defined partitions, or some other reason for log separation.

Referring back to FIG. 1, data protection system 101 comprises acomputer system and communication interface. Data protection system 101may also include other components such as a router, server, data storagesystem, and power supply. Data protection system 101 may reside in asingle device or may be distributed across multiple devices. Dataprotection system 101 could be an application server(s), a personalworkstation, or some other network capable computing system—includingcombinations thereof.

Data storage system 102 comprises a communication interface and one ormore non-transitory storage medium, such as a disk drive, flash drive,magnetic tape, data storage circuitry, or some other memory apparatus.Data storage system 102 may also include other components such asprocessing circuitry, a router, server, data storage system, and powersupply. Data storage system 102 may reside in a single device or may bedistributed across multiple devices. Data storage system 102 is shownexternally to data protection system 101, but system 102 could beintegrated within the components of data protection system 101.

Communication link 111 could use various communication protocols, suchas Time Division Multiplex (TDM), Internet Protocol (IP), Ethernet,communication signaling, Code Division Multiple Access (CDMA), EvolutionData Only (EVDO), Worldwide Interoperability for Microwave Access(WIMAX), Global System for Mobile Communication (GSM), Long TermEvolution (LTE), Wireless Fidelity (WIFI), High Speed Packet Access(HSPA), or some other communication format—including combinationsthereof. Communication link 111 could be a direct link or may includeintermediate networks, systems, or devices.

FIG. 3 illustrates operational scenarios 300 and 301 in an exemplaryembodiment. In scenario 300, importance level of data items 1-N isidentified to be level 1 or 2, wherein log 103 for level 1 is storedremotely from items 1-N and log 103 for level 2 is stored locally toitems 1-N. At step 1, changes to data items 1-N are tracked. A singlechange is detected to data item 2 and indicated as item 2(C). Sinceimportance levels 1 and 2 both call for each individual change to belogged, item 2(C) is aggregated at step 2 into log entry 320 along withthe time of entry 320's creation, which should be roughly equivalent tothe time item 2 was changed. At step 3, entry 320 is stored in log 103.In some cases, item 2(C) is stored in its entirety within entry 320while in other cases only the changes from a previously stored entry arestored.

In scenario 301, the importance level of data items 1-N is identified tobe levels 3 or 4, wherein level 3 simply copies changes in entries tolog 103 while level 4 moves changes in entries to log 103. In thisscenario, a time period is defined for when changes should beaggregated. The time period may be any amount of time and may be definedin any way, such as once every x hours, every day a y and z time, orotherwise. During each time period, step 1 tracks changes to data items1-N. In this example, item 2 changes 3 times during the time period andthe changes are represented as item 2(C1), (C2), and (C3). Once the timeperiod ends, these changes are aggregated into log entry 321 as item2(C1-C3) along with a time when the entry 321 is created, which shouldbe roughly equivalent to when the time period ended. Entry 321 is thenstored in log 103 at step 3. In some cases, item 2(C1-C3) is stored inits entirety within entry 321 while in other cases only the changes toitem 2 from a previously stored entry are stored.

It should be understood, that while only changes to item 2 are discussedwith respect to scenario 301, other items may also change during thetime period. The changes to these other items may be aggregated intoentry 321 or may be aggregated into separate entries for storage in log103.

FIG. 4 illustrates computing environment 400 for protecting data basedon importance of the data. Computing environment 400 includes dataprotection system 401, primary data repository 402, secondary datarepository 403, and communication network 404. Data protection system401, primary data repository 402, and secondary data repository 403communicate with communication network 404 over communication links411-413.

Communication network 404 comprises network elements that providecommunications services to connected systems and devices. Communicationnetwork 404 may comprise switches, wireless access nodes, Internetrouters, network gateways, application servers, computer systems,communication links, or some other type of communicationequipment—including combinations thereof. Communication network 404 maybe a single network, such as a local area network, a wide area network,or the Internet, or may be a combination of multiple networks.

In operation, primary data repository 402 stores data items 420 in astorage system similar to storage system 102. Data items 420 maycomprise items in a database or may be some other type of data. Dataitems 420 are data items that are currently in production such that theycan be read from, written to, added to, deleted from, etc. Dataprotection system 401 is charged with protected data items 420 shoulddata items 420 ever need to be restored to a previous condition, as maybe the case if primary data repository 402 fails, if data items 420 areerroneously deleted, if erroneously changes were made to data items 420,or for any other reason any of data items 420 may need to be restored toa prior version. Primary data repository 402 and secondary datarepository 403 each store log 421 and log 431, respectively. Log 421 andlog 431 each include entries containing versions of data items in dataitems 420 that were previously stored in the manner described belowshould they ever be needed for restoration or otherwise accessed.

FIG. 5 illustrates operational scenario 500 of computing environment 400for protecting data based on importance of the data. In scenario 500,data protection system 401 identifies the importance level of data itemswithin data items 420 and categorizes data items 420 into those levelsat step 1. In this example, four importance levels 1-4 are used by dataprotection system 401 with level 1 being the highest level of importanceand level 4 being the lowest. The level of each data item may be definedby a user, defined within the data item itself, or through some othermeans. The importance level may be defined on a data item by data itembasis, on a grouping basis (e.g. all data items in a particular sectionof data), on a categorical basis (e.g. all data items in a certaincategory or having a certain topic), based on the age of each data item,or defined in some other manner—including combinations thereof. In somecases, if a data item has conflicting levels of importance (e.g. theuser defined one level while an administrator or the data item itselfdefined another), then data protection system 401 may use the higherimportance level or may solve the conflict in some other manner.

In one example, each importance level may correspond to a differentdesired recovery time and recovery point objective. For instance, dataitems of the highest importance level, level 1, may be data items wherethe quickest recovery time and the smallest time period between recoverypoints relative to the recovery times and recovery points of the otherimportance levels 1-4. As data items get lower in the levels ofimportance, the recovery times and time periods for recovery pointsgenerally increase. In these examples, the level of importance forvarious data items may be defined based on the desired recovery time andrecovery point for the various data items.

In scenario 500, data protection system 401 identifies level 1 dataitems 501, level 2 data items 502, level 3 data items 503, and level 4data items 504. It should be understood that while data items 501-503categorize data items 420, the data items within each of data items501-504 remain in data items 420. In an example, data protection system101 may sort data items 420 into levels 1-4 based on the desiredrecovery time and recovery point for the data items. In some examples,data protection system 401 may reorder data items based on level ofimportance within data items 420 on primary data repository 402,although such reordering is not necessary. As items are changed in dataitems 420, data protection system 401 continually identifies the levelof importance for the changed items and includes those items in theproper category of data items 501-504. Once categorized, data protectionsystem 401 performs one of operations 600, 700, 800, and 900 on dataitems 501-504, respectively.

FIG. 6 illustrates operation 600 of computing environment 400 forprotecting data based on importance of the data. Operation 600 protectslevel 1 data items 501 in manner analogous to synchronous replication.Level 1 data items 501 include the highest level of importance and aretherefore protected most often. As such, in operation 600, dataprotection system 401 identifies each change to a data itemindividually, and substantially immediately after any change occurs, atstep 1. Changed data item 601 is one of the changed data items of level1 data items 501 for this example. An entry 602 is then created havingchanged data item 601 therein at step 2. Entry 602 is then stored in log431 of secondary data repository 403 at step 3 along with previousentries 451-454. By storing entry 602 in secondary data repository 403remote from primary data repository 402, changed data item 601 isprotected almost immediately upon its creation even from failure ofprimary data repository 402.

FIG. 7 illustrates operation 700 of computing environment 400 forprotecting data based on importance of the data. Operation 700 protectslevel 2 data items 502 in manner analogous to CDP. Level 2 data items502 include the second highest level of importance and are thereforeprotected just as often as level 1 data items 501. In operation 700,like operation 600, data protection system 401 identifies each change toa data item individually, and substantially immediately after any changeoccurs, at step 1. Changed data item 701 is one of the changed dataitems of level 1 data items 502 for this example. An entry 702 is thencreated having changed data item 701 therein at step 2. Entry 702 isthen stored in log 421 of primary data repository 402 at step 3 alongwith previous entries 441-444. By storing entry 702 in primary datarepository 402, changed data item 701 is protected almost immediatelyupon its creation. Unlike operation 600, entry 702 is stored locally toprimary data repository 402 and is therefore not necessarily protectedfrom failure of primary data repository 402. Thus, log 421 may itself beprotected by data protection system 401. For example, log 421 may itselfbe considered level 3 or 4 data within data items 420.

FIG. 8 illustrates operation 800 of computing environment 400 forprotecting data based on importance of the data. Operation 800 protectslevel 3 data items 503 in manner analogous to backing up level 3 dataitems 503. Level 3 data items 503 include the third highest level ofimportance and are therefore not protected as often. In operation 800,data protection system 401 identifies all changes to level 3 data items503 over a period of time, at step 1. The period of time may be anypossible period of time (e.g. every hour, day, week, etc.), which may bedefined by a user or otherwise. Changed data items 801 are the result ofstep 1 in this example. Changed data items 801 are aggregated into asingle entry 802 at step 2. Entry 802 is then stored in log 431 ofsecondary data repository 403 at step 3 along with previous entries451-454. To further illustrate that multiple levels of protection canshare a single log, log 431 is further shown to include entry 602 thatwas stored as the result of operation 600.

While aggregating changes periodically, as does operation 800, may allowfor gaps to exist should level 3 data items 503 ever need to berestored, level 3 data items 503 are of lower importance and that riskshould be outweighed by the benefits of not backing up as often. Shoulda user decide that any of level 3 data items 503 should be backed upmore often, then the user may redefine those data items to have a higherlevel of importance for future protection. Additionally, while thisexample on has one time period for backing up data items, moreimportance levels may be defined that each backup data items overdifferent time periods (e.g. a level for daily backups and another levelfor weekly backups). Generally, it can be assumed that shorter periodsof time between backups will equate to fewer changes being aggregated ateach backup. Therefore, if more aggregation points are desired forcertain data items such that fewer changes are aggregated at each point,those data items should be categorized at an importance level having ashorter time period between backups.

FIG. 9 illustrates operation 900 of computing environment 400 forprotecting data based on importance of the data. Operation 900 protectslevel 4 data items 504 in manner analogous to archiving level 4 dataitems 504. Level 4 data items 504 include the lowest level of importanceand are therefore not protected often. In operation 900, like operation800, data protection system 401 identifies all changes to level 4 dataitems 504 over a period of time, at step 1. The period of time may beany possible period of time (e.g. every hour, day, week, etc.), whichmay be defined by a user or otherwise. Changed data items 901 are theresult of step 1 in this example. Changed data items 901 are aggregatedinto a single entry 902 at step 2. Entry 902 is then stored in log 431of secondary data repository 403 at step 3 along with previous entries451-454. Also, to further illustrate that multiple levels of protectioncan share a single log, log 431 is further shown to include entry 602that was stored as the result of operation 600 and entry 802 that wasstored as the result of operation 800.

Moreover, since operation 900 archives changes 901 to level 4 data items504 since a previous archive or backup of level 4 data items, level 4data items 504 are deleted from data items 420 in primary datarepository 402 at step 4. Thus, any data items that are categorized aslevel 4 are moved to secondary data repository 403 and no longer usestorage space in primary data repository 402.

Advantageously, using log 421 and log 431, as described above, allowsdata protection system 401 to protect data items having different levelsof importance with the same log mechanism.

FIG. 10 illustrates data protection system 1000. Data protection system1000 is an example of data protection system 101, although system 101may use alternative configurations. Data protection system 1000comprises communication interface 1001, user interface 1002, andprocessing system 1003. Processing system 1003 is linked tocommunication interface 1001 and user interface 1002. Processing system1003 includes processing circuitry 1005 and memory device 1006 thatstores operating software 1007.

Communication interface 1001 comprises components that communicate overcommunication links, such as network cards, ports, RF transceivers,processing circuitry and software, or some other communication devices.Communication interface 1001 may be configured to communicate overmetallic, wireless, or optical links. Communication interface 1001 maybe configured to use TDM, IP, Ethernet, optical networking, wirelessprotocols, communication signaling, or some other communicationformat—including combinations thereof.

User interface 1002 comprises components that interact with a user. Userinterface 1002 may include a keyboard, display screen, mouse, touch pad,or some other user input/output apparatus. User interface 1002 may beomitted in some examples.

Processing circuitry 1005 comprises microprocessor and other circuitrythat retrieves and executes operating software 1007 from memory device1006. Memory device 1006 comprises a non-transitory storage medium, suchas a disk drive, flash drive, data storage circuitry, or some othermemory apparatus. Operating software 1007 comprises computer programs,firmware, or some other form of machine-readable processinginstructions. Operating software 1007 includes aggregation module 1008and log module 1009. Operating software 1007 may further include anoperating system, utilities, drivers, network interfaces, applications,or some other type of software. When executed by circuitry 1005,operating software 1007 directs processing system 1003 to operate Dataprotection system 1000 as described herein.

In particular, aggregation module 1008 directs processing system 1003 toidentify a level of importance for a plurality of data items.Aggregation module 1008 further directs processing system 1003 to trackchanges to the plurality of data items and aggregate the changes basedon the level of importance. Log module 1009 directs processing system1003 to log the aggregated changes.

The above description and associated figures teach the best mode of theinvention. The following claims specify the scope of the invention. Notethat some aspects of the best mode may not fall within the scope of theinvention as specified by the claims. Those skilled in the art willappreciate that the features described above can be combined in variousways to form multiple variations of the invention. As a result, theinvention is not limited to the specific embodiments described above,but only by the following claims and their equivalents.

What is claimed is:
 1. A computer-implemented method comprising: tracking changes made to a plurality of data items of a plurality of importance levels over a time period; for each data item incurring one or more changes over the time period: creating one or more changed data items configured to be used for restoring the data item, each changed data item storing a number of changes made to the data item, the number determined based on the importance level associated with the data item, and storing the changed data item; wherein a first number for a first data item is fewer than or equal to a second number for a second data item, the first data item associated with a first importance level higher than a second importance level associated with the second data item.
 2. The computer-implemented method of claim 1, further comprising for each data item incurring one or more changes over the time period: aggregating the number of changes.
 3. The computer-implemented method of claim 1, further comprising for each data item incurring one or more changes over the time period: aggregating the number of changes over a time interval determined based on the importance level.
 4. The computer-implemented method of claim 1, wherein the data items are protected according to a plurality of protection policies corresponding to the importance levels.
 5. The computer-implemented method of claim 1, wherein a changed data item is created for each change made to a data item of a first importance level among the importance levels.
 6. The computer-implemented method of claim 5, wherein the data items are stored at a primary storage location and wherein the change made to the data item is replicated to a second storage location concurrently with the change being made to the data item.
 7. The computer-implemented method of claim 1, wherein a changed data item is created for each change made to a data item of a second importance level among the importance levels.
 8. The computer-implemented method of claim 7, wherein the data items are stored at a primary storage location and wherein each change made to the data item of the second importance level is stored as a log entry on the primary storage location.
 9. The computer-implemented method of claim 1, wherein a changed data item is created to record one or more log entries, each log entry recording a change made to a data item of a second importance level among the importance levels, and wherein the time period is a backup time period defined by a backup policy for the data item.
 10. The computer-implemented method of claim 9, wherein the data items are stored at a primary storage location and wherein each log entry is created and stored at the primary storage location.
 11. The computer-implemented method of claim 1, wherein a changed data item is created to record one or more changes made to a data item of a third importance level among the importance levels, and wherein the time period is a backup time period defined by a backup policy for the data item.
 12. The computer-implemented method of claim 1, wherein a changed data item is created to record one or more changes made to a data item of a fourth importance level among the importance levels, and wherein the time period is an archive time period defined by an archive policy for the data item.
 13. The computer-implemented method of claim 1, wherein the changes are determined according to most recent states of the data items.
 14. The computer-implemented method of claim 1, wherein tracking the changes comprises receiving the changes from a data storage system storing the data items.
 15. The computer-implemented method of claim 1, further comprising restoring one or more data items by using the changed data items associated with the one or more data items.
 16. A system comprising: a processor; and non-transitory memory storing instructions configured to cause the processor to perform: tracking changes made to a plurality of data items of a plurality of importance levels over a time period; for each data item incurring one or more changes over the time period: creating one or more changed data items configured to be used for restoring the data item, each changed data item storing a number of changes made to the data item, the number determined based on the importance level associated with the data item, and storing the changed data item; wherein a first number for a first data item is fewer than or equal to a second number for a second data item, the first data item associated with a first importance level higher than a second importance level associated with the second data item.
 17. The system of claim 16, wherein the instructions are configured to cause the processor to further perform for each data item incurring one or more changes over the time period: aggregating the number of changes.
 18. The system of claim 16, wherein the instructions are configured to cause the processor to further perform for each data item incurring one or more changes over the time period: aggregating the number of changes over a time interval determined based on the importance level.
 19. The system of claim 16, wherein the data items are protected according to a plurality of protection policies corresponding to the importance levels.
 20. A computer readable medium storing instructions configured to cause a processor to perform a method comprising: tracking changes made to a plurality of data items of a plurality of importance levels over a time period; for each data item incurring one or more changes over the time period: creating one or more changed data items configured to be used for restoring the data item, each changed data item storing a number of changes made to the data item, the number determined based on the importance level associated with the data item, and storing the changed data item; wherein a first number for a first data item is fewer than or equal to a second number for a second data item, the first data item associated with a first importance level higher than a second importance level associated with the second data item. 